[antimedia] antimedia: You won't hear about it much....

Email subscription to blog articles antimedia at lists.powerblogs.com
Sun May 20 19:02:30 EDT 2007


Posted by antimedia:
You won't hear about it much....
http://www.antimedia.us/posts/1179702145.shtml


   ....but it's common knowledge within the security community -- our
   utilities [1] are at serious risk of failure due to cyber attacks. The
   reason? Their SCADA (supervisory control and data acquisition) systems
   are not built with security in mind, and they have a lackadaisical
   attitude about security as well.
   Across America there are thousands and thousands of SCADA systems
   controlling everything from water flow through dams to process systems
   at chemical plants to control functions at nuclear plants. These
   systems are not hardened against attack. In fact, they can fail quite
   easily.

     Such failures are common among PLC and supervisory control and data
     acquisition (SCADA) systems, because the manufacturers do not test
     the devices' handling of bad data, said Dale Peterson, CEO of
     industrial system security firm DigitalBond.
     "What is happening in this marketplace is that vendors will build
     their own (network) stacks to make it cheaper," Peterson said. "And
     it works, but when (the device) gets anything that it didn't
     expect, it will gag."
     In many cases, a simple vulnerability scan will even cause the
     devices to crash, Peterson said. During tests in an electrical
     substation, Nessus running in safe scan mode crashed devices, he
     said. In some cases, sending out broadcast data on the network will
     crash several of the connected devices, he added.
     "If you were to test any control systems that have any more than
     three or four different network-connected devices, they could be
     knocked over very easily," Peterson said.

   Of course, the industry thinks this isn't a problem, because their
   systems (supposedly) aren't connected to the internet.

     "The integrated control system (ICS) network is not connected to
     the network outside the plant, but it is connected to a very large
     number of controllers and devices in the plant," Johnson said. "You
     can end up with a lot of information, and it appears to be more
     than it could handle."
     The device responsible for flooding the network with data appears
     to be a programmable logic controller (PLC) connected to the
     plant's Ethernet network, according to an NRC information notice on
     the incident (PDF). The PLC controlled Unit 3's condensate
     demineralizer -- essentially a water softener for nuclear plants.
     The flood of data spewed out by the malfunctioning controller
     caused the variable frequency drive (VFD) controllers for the
     recirculation pumps to hang.

   So even though they claim their systems aren't connected to the
   internet, they are. If one system is connected, all systems are.
   The results can range from the comical to the catastrophic. Fixing the
   problem requires an admission that a problem exists. We're not there
   yet.

   Tags: [2]SCADA [3]utilities [4]cyber attack [5]risk

References

   1. http://www.securityfocus.com/news/11465?ref=rss
   2. http://technorati.com/tag/SCADA
   3. http://technorati.com/tag/utilities
   4. http://technorati.com/tag/attack
   5. http://technorati.com/tag/risk


